Edition 0 Updated to asp. Net core 0


Authorization and minimal apis



Yüklə 11,82 Mb.
Pdf görüntüsü
səhifə282/288
tarix12.07.2023
ölçüsü11,82 Mb.
#136458
1   ...   278   279   280   281   282   283   284   285   ...   288
Authorization and minimal apis 
ASP.NET supports minimal APIs as an alternative to controller-based APIs. Authorization policies are 
the recommended way to configure authorization for minimal APIs, as this example demonstrates: 
// Program.cs
builder.
Services
.
AddAuthorizationBuilder
() 
.
AddPolicy
(
"admin_greetings"
, policy => 
policy 
.
RequireRole
(
"admin"

.
RequireScope
(
"greetings_api"
)); 
// build the app
app.
MapGet
(
"/hello"
, () => 
"Hello world!"

.
RequireAuthorization
(
"admin_greetings"
); 
Additional resources 

ASP.NET Core Authentication
https://learn.microsoft.com/aspnet/core/security/authentication/identity
 

ASP.NET Core Authorization
https://learn.microsoft.com/aspnet/core/security/authorization/introduction
 

Role-based Authorization
https://learn.microsoft.com/aspnet/core/security/authorization/roles
 

Custom Policy-Based Authorization
https://learn.microsoft.com/aspnet/core/security/authorization/policies
 

Authentication and authorization in minimal APIs
 
https://learn.microsoft.com/aspnet/core/fundamentals/minimal-apis/security
 
Store application secrets safely during development 
To connect with protected resources and other services, ASP.NET Core applications typically need to 
use connection strings, passwords, or other credentials that contain sensitive information. These 
sensitive pieces of information are called 
secrets
. It’s a best practice to not include secrets in sourc



332 
CHAPTER 8 | Make secure .NET Microservices and Web Applications 
code and making sure not to store secrets in source control. Instead, you should use the ASP.NET 
Core configuration model to read the secrets from more secure locations. 
You must separate the secrets for accessing development and staging resources from the ones used 
for accessing production resources, because different individuals will need access to those different 
sets of secrets. To store secrets used during development, common approaches are to either store 
secrets in environment variables or by using the ASP.NET Core Secret Manager tool. For more secure 
storage in production environments, microservices can store secrets in an Azure Key Vault. 

Yüklə 11,82 Mb.

Dostları ilə paylaş:
1   ...   278   279   280   281   282   283   284   285   ...   288




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin